Hackers Steal Data of 515,000 At-Risk People from Red Cross

Close up of Red Cross Worker distributing water and other supplies

The International Committee of the Red Cross (ICRC) was the victim of a cyber attack in which hackers stole the personal information of 515,000 people. It added that these people are extremely vulnerable, and some had escaped from conflicts.

Data Stolen from Over 60 Red Cross Operations Globally

The data breach is the result of a sophisticated cyberattack on the computer servers which host ICRC information. The servers belong to a company based in Switzerland, which ICRC contracts to store its data.

In a statement, the ICRC said the attack was detected earlier this week and said the attack put the affected vulnerable people at further risk. The stolen information is not limited to a particular Red Cross operation or mission. In fact, it comes from at least 60 Red Cross and Red Crescent National Societies from across the globe.

At this time, the ICRC does not have any information on the attack perpetrator. Furthermore, there is no evidence that the stolen data is out in the public domain.

The affected people include “those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention.”

Robert Mardini, ICRC’s director-general, said, “we are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future.”

The ICRC runs a program called Restoring Family Links along with the wider Red Cross and Red Crescent network. The program aims to reunite family members torn apart by conflict, disaster, migration, etc.

Unfortunately, the attack has forced the ICRC to shut down systems that are crucial for the program. This in turn affects their ability to continue their efforts to reunite family members.

Every day, the Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families. That’s a dozen joyful family reunifications every day. Cyber-attacks like this jeopardize that essential work,” Mardini stated.

ICRC Urges Perpetrator to “Do the Right Thing”

In its statement, the ICRC said it was most concerned about the safety of the people and families the organization aims to help and protect.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Mardini said.

“This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk,” he added.

Mardini said the data belongs to some of the most distressed people in the world. He appealed to the hackers to refrain from doing anything that would put them in more danger.

Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”

Personal data breaches often lead to further cyber attacks. A cybercriminal can try to use information such as names, phone numbers, and email addresses to get more sensitive information, like bank account details.

Check out our resource on phishing to learn more about such attacks, and what you can do to protect yourself.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.